> http://www.mailpure.com/software/decludefilters/anti-av/Anti-AV_v1-0-2.zip

Oh.. I must have missed this.

At the moment I'm testing your filter file. It looks like with 1.77beta the END statements don't work, so I have to comment them out. This creates a lot of positive results (fortunately adding only a few points) that have nothing to do with NDRs caused by MassMailer worms.

At the moment I've not adapted the weights for my HOLD-ON-100 system, but I can see that both caught MM-NDRs and false positives will have the same points (most of them between 2 and 8 points). So I assume this will create a lot of false positives.

> Unfortunately there is no good way to separate unknown user
> or full account NDR's from some others, however you can
> uncomment the null sender line in this filter to add some
> points so that any suggestive hit will put it over the top.
> You can also set up a filter with just the null sender and
> block (hold) that per domain when outbreaks are particularly
> bad, but bear in mind that legit bounces can be blocked as well.

In my opinion your filter file can help a little bit, but I'm pretty sure that to solve this problem we need some AND/OR/NOT logic.

As I understand it, holding a legit NDR not only violates some RFCs but can also create serious problems, because neither sender nor recipient knows about the failed delivery.

Can anyone else see more MassMailer NDRs than spam passing the filters?

Scott: Are combo tests a technical or a "missing-time" problem, or do you consider them not so useful?

Markus

---
This E-mail came from the Declude.JunkMail mailing list. The archives can be found at http://www.mail-archive.com.
